View Issue Details

IDProjectCategoryView StatusLast Update
0034784mantisbtapi restpublic2024-09-30 04:26
Reportervboctor Assigned To 
PrioritynormalSeverityfeatureReproducibilityN/A
Status newResolutionopen 
Product Version2.27.0 
Summary0034784: Retire webservice_rest_enabled config option
Description

The REST API should always be enabled since Javascript will likely use it from the UI in core/plugins. It may also be used from tools and clients. Modern tools never have a config option to turn off their APIs.

Note that REST API doesn't honor legacy config options that were enforced in SOAP like:

  • webservice_readonly_access_level_threshold
  • webservice_readwrite_access_level_threshold
  • webservice_admin_access_level_threshold
TagsNo tags attached.

Relationships

related to 0033019 assigneddregad X-Mantis-Version headers sent when REST API is disabled 

Activities

dregad

dregad

2024-09-30 04:26

developer   ~0069296

I'm absolutely fine with the REST API being always available internally, but I believe it we should allow Admins to block or restrict external usage by end-users.